YouTube on your site: it’s good for SEO, it looks great, and you can offer embedded rich content to your visitor’s. That’s great! Or not?

Sure, it’s great. But if your website is aimed at visitors from the EU, you have to comply with the GDPR. And according to the GDPR, you cannot place tracking cookies without consent. When you embed YouTube on your site, placing tracking cookies is exactly what happens: YouTube is part of Google, and we all know (or should know) that Google makes it’s money with your visitor’s data. That’s why it’s free 🙂

YouTube no cookie

Wait: we have a solution: the youtube no cookie URL. Replace in the URL of your youtube video youtube.com with youtube-nocookie.com and your have a no cookie solution. You think. But you’re wrong: the no cookie name for this URL is misleading at least. Yes: the nocookie URL does not place cookies…. until you hit the play button. Then the user gets cookies, still without consent. That’s why Google refers to this method as the “delayed cookie option“.

How to show your video’s in a compliant way

There’s only one solution really, and that is to entirely block youtube until consent has been given. This can be done by filtering the output of the post, and removing the source from the youtube iframe. If you move the src to a data-src attribute in the iframe, YouTube won’t get loaded, and no cookies are placed.

Then, on consent (for example with a cookie banner) the consent can fire some javascript which moves the data-src URL to the src. This will load the YouTube video.

This might be a bit much to implement for most WordPress users: which is why we’ve shipped this feature with both free and premium Complianz | GDPR cookie consent plugins.

Problem solved?

Technically yes. But now, when the users loads the page with the YouTube movie, he or she will see a blank page: it’s blocked. To make this more user friendly, you can use a placeholder from YouTube. While we think this should be no problem with the GDPR, to make absolutely certain that Google cannot track your users, the placeholder will be downloaded to your own site, and served as an image from your site.

Now, when the user loads the page without having given consent, he or she will see a nice placeholder image belonging to the video, with the message: to view this content, accept cookies (customisable in the settings).

Conclusion

To get YouTube loaded on your site in a GDPR compliant way, you’ll have to write some custom code, removing the source from the iframe, then moving it back with javascript after consent. If you’re not technically inclined, you can use Complianz | GDPR cookie consent to handle this for you.

The upside of this: you can now use the YouTube video’s as incentive to get users to accept tracking cookies: if they want to see the video, they’ll have to consent to cookies first.